ComponentSpace

Forums



New OpenSSL Vulnerability


New OpenSSL Vulnerability

Author
Message
[email protected]
mzimmerman@accruent.com
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 5, Visits: 21
A new OpenSSL vulnerability was published today and I'm unclear if it might affect my application that uses ComponentSpace's SAML SSO library. The vulnerability relates to name constraint checking during certificate validation. See official description here - https://www.openssl.org/news/secadv/20221101.txt. Please advise.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
We don't directly or indirectly use OpenSSL so there shouldn't be any impact.



Regards
ComponentSpace Development
[email protected]
mzimmerman@accruent.com
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 5, Visits: 21
ComponentSpace - 11/1/2022
We don't directly or indirectly use OpenSSL so there shouldn't be any impact.


Thanks for the quick reply! So no concerns about validating certs that were created using OpenSSL either?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
No. I don't believe so. This buffer overrun bug was in the OpenSSL code and is specific to their implementation.

We're waiting to see if there are any announcements from Microsoft.

What operating system(s) are you using for your deployments?

Regards
ComponentSpace Development
[email protected]
mzimmerman@accruent.com
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 5, Visits: 21
ComponentSpace - 11/1/2022
No. I don't believe so. This buffer overrun bug was in the OpenSSL code and is specific to their implementation.

We're waiting to see if there are any announcements from Microsoft.

What operating system(s) are you using for your deployments?

Certs were created in a Windows desktop environment. Application is deployed on Ubuntu.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
I suggest checking that Ubuntu isn't using a vulnerable version of OpenSSL.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search